0
我正在使用FOSUserBundle并在我的数据库中成功创建用户。但是,我试图通过遵循Symfony security演练登录用户,并且只有ROLE_ADMIN
用户访问/admin
。允许'Anon'用户访问'/ admin`的FOSUserBundle
但是,即使没有想到登录用户,当我尝试访问localhost/app_dev.php/admin
时,我能够以“Anon”用户的身份访问它。下面是我security.yml和控制文件:
应用程序/配置/ security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/admin/, role: ROLE_ADMIN }
的src /的appbundle /控制器/ DefaultController.php
class DefaultController extends Controller
{
/**
* @Route("/admin", name="admin")
*/
public function AdminAction(Request $request)
{
return $this->render('default/admin.html.twig', array(
'title' => 'Welcome Admin!!'
));
}
}